May It Please The Court: Weblog of legal news and observations, including a quote of the day and daily updates

Skip To Content

MIPTC Author:


The Sled:

Listed in Latino Who's Who, June 2014
Locations of visitors to this page

Creative Commons License
This work is licensed under a Creative Commons License.

Weblog Comments

Return to the Weblog

Quote of the Day - More attacks are coming from disgruntled employees and internal hobby hackers than from the Internet. - Allen Hartman

Wormholes: Bring Money, Guns and Lawyers

A new suit filed Tuesday alleges that Microsoft is responsible for identity theft due to hacking.

Filed by Newport Beach plaintiff's attorney Dana Taschner, he lawsuit claims: "Microsoft's eclipsing dominance in desktop software has created a global security risk. As a result of Microsoft's concerted effort to strengthen and expand its monopolies by tightly integrating applications with its operating system ... the world's computer networks are now susceptible to massive, cascading failure."

Wow. So that's what my computer's problem is.

The suit further alleges that Microsoft engaged in unfair business practices because it failed to secure its software against worms, viruses and cyber attacks. The suit is brought by a LA film editor whose identity was stolen.

"If you live in the modern world, you must use Microsoft," said Taschner. "You can't on the other hand say, 'We're not responsible.' "

On the other hand, Microsoft has a different perspective. This complaint misses the point," Microsoft spokesman Sean Sundwalll argued. "The problems caused by viruses and other security attacks are the result of criminal acts by the people who write viruses."

An article entitled the Hacker Challenge supports the position taken in this lawsuit. At least the NB attorney found an expert to support his position.

It's kind of like the defense adopted by the gun industry: we can't be responsible for how the guns are used by criminals.

That defense may just shoot a hole in this new lawsuit.

Posted by J. Craig Williams on 10/3/2003 at 08:29 Comments (1)



Comments by Travis from United States on Friday, February 25, 2005 at 08:45

I wish you would have indicated the means by which this identity was stolen. For example, I'm guessing it was via the Internet.
Given this, if the suite claims that Microsoft's OS is at fault and Microsoft did not provide the ISP connection, then I don't see how Microsoft could be liable.
The plaintiff would have been the one who connected the OS to the Internet without obviously taking the necessary precautions.
There is a rule of thumb I tell my customers: There is no such thing as security, it only depends on who gives up first. If you can access it, they can access it. What you might 'consider' secure today, will be insecure tomorrow.
For example, I admin for a school. When I first tested their passwords, I had 20% of 900 in less then 30 seconds. I could bruteforce the rest in 3 days. Using rainbow tables, I can discover all 900+ in under 53 minutes.
Nothing is secure. The plaintiff needs to unplug his CAT5, turn off his USB ports, & rip out his floppy & burners. Oh, unplug his monitor & keyboard because of tempist attacks. Better yet, just get rid of the computer. But be sure to physically destroy the hard drive first.
That still doesn't secure his identity. All the systems that store his purchases are accessable. Finally, "HE" is still vulnerable to physical attack.
If you forget everything else, remember this: There is no such thing as security...


Comments are now closed.

Send your comments directly to the author at jcraigwms at (remove spaces and add @ symbol in place of the "at").